Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,102 advisories

Loading
BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability.... High Unreviewed
CVE-2025-2773 was published Apr 23, 2025
ILIAS before 7.16 allows OS Command Injection. High Unreviewed
CVE-2022-45915 was published Dec 7, 2022
TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a... Critical Unreviewed
CVE-2025-28037 was published Apr 22, 2025
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19... High Unreviewed
CVE-2022-43548 was published Dec 6, 2022
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-44930 was published Dec 2, 2022
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-44928 was published Dec 2, 2022
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments Critical
CVE-2025-43858 was published for YoutubeDLSharp (NuGet) Apr 23, 2025
kitsumed alxnull
Credited to kitsumed and alxnull
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote... High Unreviewed
CVE-2022-37924 was published Dec 12, 2022
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an... Critical Unreviewed
CVE-2025-46272 was published Apr 25, 2025
UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated... Critical Unreviewed
CVE-2025-46271 was published Apr 25, 2025
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version... Critical Unreviewed
CVE-2022-44808 was published Nov 22, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in... Critical Unreviewed
CVE-2022-44251 was published Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter... Critical Unreviewed
CVE-2022-44249 was published Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter... Critical Unreviewed
CVE-2022-44250 was published Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter... Critical Unreviewed
CVE-2022-44252 was published Nov 23, 2022
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute... Moderate Unreviewed
CVE-2025-43920 was published Apr 20, 2025
SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated... Moderate Unreviewed
CVE-2022-41871 was published Apr 28, 2025
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name... High Unreviewed
CVE-2022-45939 was published Nov 28, 2022
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. Critical Unreviewed
CVE-2022-44201 was published Nov 22, 2022
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-44844 was published Nov 25, 2022
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints Critical
CVE-2024-9053 was published for vllm (pip) Mar 20, 2025
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based... Moderate Unreviewed
CVE-2025-3729 was published Apr 16, 2025
A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a... High Unreviewed
CVE-2025-24351 was published Apr 30, 2025
In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection... High Unreviewed
CVE-2022-40847 was published Nov 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database